I chose them because their second argument can be crafted.

On Aug 12, 2021, at 10:29 AM, Hendrik Leppkes <h.lepp...@gmail.com> wrote:
On Thu, Aug 12, 2021 at 6:53 AM maryam ebrahimzadeh <me22...@outlook.com> wrote:

--- libavcodec/vc1dec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 1fb1950ade..07d60294f2 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -444,7 +444,9 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx) // the last byte of the extradata is a version number, 1 for the // samples we can decode - init_get_bits(&gb, avctx->extradata, avctx->extradata_size*8); + ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size); + if (ret < 0) + return ret; if ((ret = ff_vc1_decode_sequence_header(avctx, v, &gb)) < 0) return ret; @@ -771,7 +773,9 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, } init_get_bits(&s->gb, buf2, buf_size2*8); } else - init_get_bits(&s->gb, buf, buf_size*8); + ret = init_get_bits8(&s->gb, buf, buf_size); + if (ret < 0) + return ret; if (v->res_sprite) { v->new_sprite = !get_bits1(&s->gb);

There is a whole bunch of other cases in vc1dec.c, I can even see one in the patch context there. Any reason you picked only these two to change?

- Hendrik

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
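
Review bot: In the vc1_decode_init hunk, the added `ret = init_get_bits8(...)` followed by a separate `if (ret < 0)` could use the same assign-and-test form as the `ff_vc1_decode_sequence_header` call on the next context line, i.e. `if ((ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size)) < 0) return ret;`, which keeps the function's error handling uniform. The commit message also gives no reason for the change; the explanation given in the thread, that the size argument can be crafted, belongs there.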
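
Review bot: In the vc1_decode_frame hunk, the `else` has no braces, so only the `ret = init_get_bits8(&s->gb, buf, buf_size);` line belongs to it; the added `if (ret < 0)` runs after both branches and, on the `buf2` path, tests a `ret` that the path's own `init_get_bits(&s->gb, buf2, buf_size2*8);` call never set. Brace the `else` around the assignment and the check, and convert the `buf2` call in the context line above to `init_get_bits8` with its own check so both paths are handled the same way.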